Case in point, why does the congress have to subpoena the white house e-mail, or why does AMD have to subpoena Intel's e-mail.

REST MY CASE!

All this retention of records and mail for "legitimate" goverment, protection of the people against terrorism snooping/security purposes will be a gold mine of information for newly installed, changed administrations.... flexing their muscles.

Although it will all end up looking like a joke I suppose, with so much being hidden.......or will there be special exemptions/privileges/Stay out of Jail free cards?

Don't bother answering that if you think it most unlikely and are "never, that would be criminal" minded.

These over reaching cretins are sawing the branch they are sitting on. I don't for a moment believe email is private, but I will bet that the people saying you have no right to privacy are going to say something in an email sometime that will be read and cause their downfall.

After reading this, I was considering switching to a non-US e-mail provider, then I remembered the RIP act abolished online privacy yonks ago. And by not having a constitution, we've saved all the bother of having to find a court to circumvent it. Rule Britannia!

The solution is obvious: always encrypt. Whether you're sending a quick hello to a friend, or a sales projection to a colleague, always encrypt your email. If everything is encrypted, they can't sort the wheat from the chaff.

Yet I'm having a devil of a time convincing even die-hard privacy activists to encrypt their email. It's not that difficult to setup on Mac/Windows/Linux, yet they just won't bloody do it. People who have gone to great extremes to protect their privacy are still not encrypting their email as a matter of habit. I find that really strange, and I have no explanation for the phenomenon.

... is kidding themselves anyway! "They" are reading it - get used to it, and don't write anything you wouldn't want read out on the six o'clock news. And encryption? Hello? If the recipient can read it, so can "they"!

Fine in theory, but how long before the USgov brings in something like the UK legislation making it an imprisonable offence to refuse/fail to hand over encryption keys?

You have no right to private email, we can't read the emails your ISP has obligingly handed over, whilst wagging its tail like a good little doggy, now ante up the encryption key(s) or it's off to prison for 5 to 10.

I still reckon the only way to beat these bastards is for every man woman and child who uses the internet to include "bomb, jihad, Whitehouse, Downing Street, C4, Allah, biological weapon, infidel" as part of their email signature or (better) randomly inserted in the body of the email so that their software makes a "positive" on every little "I wnt 2 teh mall on Saturday an hung wiv my peeps it waz orsum. Mallrats FTW" email.

Fuck 'em. They want to read emails? Give 'em so much to read it's not funny any more.

None of this is new news. The government has ALWAYS felt that it's citizens have no right to privacy.

The point I'm making is that if more people do it then they won't be able to do what you suggest. Right now, yes, there are few enough people doing it that they could probably do what you suggest.

What I'm hearing you say is that I should censor myself now and let the government (pick a nation, any nation) just in case the government will eventually do it to me, because it's all going to hell in a hand basket anyway? Christ, and I thought *I* was a pessimist!

Well-encrypted messages should look like noise, so it would be interesting to send streams of noise as e-mail and claim it is a form of art (i.e. the result of some chaotic process (Hey, fractals, it must be art then! Fancy a t-shirt)). They cannot force you to hand over a key without proving it is an encrypted message, which they can't.

One completely uncrackable encryption scheme is using a one-time pad, i.e a key as long as the cypher text itself. The problem rests in sending the key through a secure channel (DVD by courier). If the pad is sufficiently random breaking the code requires tryig EVERY possible key of that length, which means that EVERY possible message of that length will turn up in the process. However, there is no way to select the correct one.

However, these people are noted for their sense of humor (i.e. that they have none), so playing these kinds of tricks is not a good idea. If they want to scan all e-mails, and store them in a vast data base for analysis, 95% of what they will end up with is spam, and of the remainder 99% is probably drivvel (if cell-phone conversations in trains are anything to go by). Finding EVERYTHING makes finding ANYTHING very difficult.

Type your comment here — plain text only, no HTML

".... transits a node in the US and therefore can be legally pilfered vs. clandestinely pilfered using SIGINT."

Oh dear. The Merkins only wring their hands about protecting the rights of other Merkins. If they wanted the emails of a 'foreign national' they would just take them.

So are they saying that as long as an entity is voluntarily conveying information of any type (email. phone message, letters, etc.) through some middle man, and the middle man has access to it, then the government by default has access to it as well? This does not sound like it'll fly. Whatever happened to the Common Carrier concept? Did it go out the window with all of these Terms of Service contracts we all enter into nowadays? And what of the fourth amendment here? How does utilizing a service for delivery suddenly make a piece of communication open to all? What happened to the right of people to their privacy of thei reffects against "unreasonable searches and seizures?" Would warrants even be required any more? If not, then I guess the question of reasonable would be defenestrated.

If this argument does fly and suddenly email is no longer an expected private means of communication, any important e-mail I send will be encrypted from this point on. This also leads down a dangerous slippery slope: If email is not private for this reason, then why are phone conversations private? Why is snail mail private? Let us hope that it does not get that bad.

The US Constitution and their liberty & justice for all is sounding increasingly akin to the democratic people’s republic of Korea… I can’t for a moment imagine why these two aren’t friendlier… oh yes, north Koreans don’t have email (except for a handful of specially trained cyberfans trying to read Georgie’s email). I’m not sure which country I should visit first… I might actually have more freedom in north korea… haha

It must be getting easier for the bad guys to hide simply by appearing to elint to be harmless.

I've been using GnuPG for a while now under the guise of GPG4Win <http://www.gpg4win.org/> and <http://www.gnupg.org> or you might like to try Enigmail - it's an extension to the Mozilla Thunderbird and Mozilla Seamonkey mail client again using GnuPG

Pretty soon Americans won't have the right to inhale if it interferes with the Bush gang's ability to rape and plunder is hindered. Besides; why argue if it's in the Constitution? Bush has been wiping his backside with it since he stole office.

But hopefully stories like this will help encryption to become ubiquitous, with easy to use plug-ins for email clients.

True, it is no guarantee but no point in making it easy for them. Might work as a spam filter too-- reject any email that arrives unencrypted-- and when the spam-meisters compensate for that and encrypt all spam, that'll give 'em some gibberish to waste their time on when they should be out pounding the pavement looking for the real bad guys instead of expecting the NSA to magically do all their work for them.

Just as they thought high-tech weaponry would win in Iraq they think high-tech surveillance will do the same at home,. The serious bad guys will be writing a letter to "mom" about the "thanksgiving turkey" where everything is a keyword that means something nefarious but flies under the auto-surveillance radar-- there's more than one form of encryption and the best forms won't appear encrypted at all. Certainly any bad guy worth his salt must be well aware that all his communications are subject to surveillance, as these guys aren't even trying to hide that fact anymore (or if they are, it sure ain't working).

"Whatever happened to the Common Carrier concept?"

ISPs are not common carriers. Period.

>Or buy a cell phone with a stolen credit card, and the government can read your text messages?

I certainly hope so!

Didn't they determine a few years back that email can be considered binding, legal documents? How else would Tumbleweed and companies like that use it for packaging actual contracts and such?

I can legally read all the email on the Republican National Committee's email server?

All I see is a lot of people in a pram, and some toys on the floor by the side of it, having been thrown out of said pram. I accepted the fact years ago that email is not private, and that the government would be able to read what they wanted. I also accept that while amusing, they would have no general interest in my kinky messages to my girlfriend, and as I am not plotting global domination then my general messages are of no interest to them.

I think that much ado has been made of almost nothing. The fact is that they read your emails anyway, this just allows them to bring the contents into court if required. The simple message being, if you are a criminal, don't use emails.

We have no other defenses left. If my use of encryption raises any flags, let it. I'd rather go down as a wolf than a sheep.

Stop the conspiracy theories about the NSA having cracked every code ever devised. While there's no way to be sure, it seems very unlikely. But *don't* use your own homegrown ciphers. They are guaranteed worthless. Use the standards that have undergone rigorous public scrutiny. A lot of very smart people have looked at them, and they do seem pretty good.

The fact is that the NSA doesn't *have* to crack encryption because the vast majority of communications between ordinary people and even companies is still in the clear, even the sensitive stuff. And even if it were all encrypted, they can still see who it's from, who it's to, when it was sent and how big it was. This is called "traffic analysis". It lets them map out who talks to who, and quite often that's enough to figure out who are the leaders and followers of a group.

But we should still encrypt the contents of our communications on principle. Don't do it for just the important stuff, do it for everything, even discussions about the weather. Make it a habit. Learn how to do it, get your friends and family to do it, make it so routine that you don't even think about it. Look into S/MIME, the standard for encrypted email that has been built into Thunderbird and other email programs for years (but is rarely used). Do *not* use webmail; by its very nature it cannot be encrypted against interception by the ISP that provides it.

Another lesson we've learned in the practical use of cryptography is that the better is often the enemy of the good. The main reason we don't routinely encrypt all our email is the lack of an easy to use public key infrastructure. But the fact is that we could have completely thwarted the NSA's massive, passive eavesdropping without it. In cryptography, as in many things, you can get 99% of the benefit with only 1% of the effort.

Above all, learn as much as you can and *don't give up*.